mmintel/gridpilot.gg
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
e151fe02d0be30f092e4ae80daaefbf834ec67b3
gridpilot.gg/tests/smoke/websiteAuth.ts
Marc Mintel 9a7efa496f remove demo code
2026-01-03 11:38:51 +01:00

170 lines
5.6 KiB
TypeScript
Raw Blame History

import type { Page, BrowserContext } from '@playwright/test';
import type { RouteAccess } from './websiteRouteInventory';
export type WebsiteAuthContext = 'public' | 'auth' | 'admin' | 'sponsor';
export type WebsiteSessionDriftMode = 'invalid-cookie' | 'expired' | 'missing-sponsor-id';
export type WebsiteFaultMode = 'null-array' | 'missing-field' | 'invalid-date';
export function authContextForAccess(access: RouteAccess): WebsiteAuthContext {
if (access === 'public') return 'public';
if (access === 'auth') return 'auth';
if (access === 'admin') return 'admin';
return 'sponsor';
}
export async function setWebsiteAuthContext(
context: BrowserContext,
auth: WebsiteAuthContext,
options: { sessionDrift?: WebsiteSessionDriftMode; faultMode?: WebsiteFaultMode } = {},
): Promise<void> {
const domain = 'localhost';
const base = { domain, path: '/' };
// The website uses `gp_session` cookie for authentication
// For smoke tests, we use normal login API with seeded demo user credentials
// to get real session cookies
if (auth === 'public') {
// No authentication needed
await context.clearCookies();
return;
}
// For authenticated contexts, we need to perform a normal login
// This ensures we get real session cookies with proper structure
// Note: All auth contexts use the same seeded demo driver user for simplicity
// Role-based access control is tested separately in integration tests
// Call the normal login API with seeded demo user credentials
// Use demo.driver@example.com for all auth contexts (driver role)
const response = await fetch('http://localhost:3101/auth/login', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
email: 'demo.driver@example.com',
password: 'Demo1234!',
}),
credentials: 'include',
});
if (!response.ok) {
throw new Error(`Normal login failed: ${response.status}`);
}
// Extract cookies from the response
const setCookieHeader = response.headers.get('set-cookie');
if (!setCookieHeader) {
throw new Error('No cookies set by normal login');
}
// Parse the Set-Cookie headers
const cookies = setCookieHeader.split(',').map(cookieStr => {
const parts = cookieStr.split(';').map(p => p.trim());
const [nameValue, ...attributes] = parts;
const [name, value] = nameValue.split('=');
const cookie: any = {
name,
value: decodeURIComponent(value),
domain: 'localhost',
path: '/',
expires: Math.floor(Date.now() / 1000) + 3600, // 1 hour
httpOnly: false,
secure: false,
sameSite: 'Lax' as const
};
for (const attr of attributes) {
const [attrName, attrValue] = attr.split('=');
const lowerName = attrName.toLowerCase();
if (lowerName === 'path') cookie.path = attrValue;
else if (lowerName === 'httponly') cookie.httpOnly = true;
else if (lowerName === 'secure') cookie.secure = true;
else if (lowerName === 'samesite') cookie.sameSite = attrValue as any;
else if (lowerName === 'domain') {
// Skip domain from API - we'll use localhost
}
else if (lowerName === 'max-age') cookie.expires = Math.floor(Date.now() / 1000) + parseInt(attrValue);
}
// For Docker/local testing, ensure cookies work with localhost
// Playwright's context.addCookies requires specific settings for localhost
if (cookie.domain === 'localhost') {
cookie.secure = false; // Localhost doesn't need HTTPS
// Keep sameSite as provided by API, but ensure it's compatible
if (cookie.sameSite === 'None') {
// For SameSite=None, we need Secure=true, but localhost doesn't support it
// So we fall back to Lax for local testing
cookie.sameSite = 'Lax';
}
}
return cookie;
});
// Apply session drift or fault modes if specified
if (options.sessionDrift || options.faultMode) {
const sessionCookie = cookies.find(c => c.name === 'gp_session');
if (sessionCookie) {
if (options.sessionDrift) {
sessionCookie.value = `drift-${options.sessionDrift}-${sessionCookie.value}`;
}
if (options.faultMode) {
cookies.push({
name: 'gridpilot_fault_mode',
value: options.faultMode,
domain,
path: '/',
expires: Math.floor(Date.now() / 1000) + 3600,
httpOnly: false,
secure: false,
sameSite: 'Lax' as const
});
}
}
}
// Clear existing cookies and add the new ones
await context.clearCookies();
await context.addCookies(cookies);
}
export type ConsoleCapture = {
consoleErrors: string[];
pageErrors: string[];
};
export function attachConsoleErrorCapture(page: Page): ConsoleCapture {
const consoleErrors: string[] = [];
const pageErrors: string[] = [];
page.on('pageerror', (err) => {
pageErrors.push(String(err));
});
page.on('console', (msg) => {
const type = msg.type();
if (type !== 'error') return;
const text = msg.text();
// Filter known benign warnings (keep small + generic).
if (text.includes('Download the React DevTools')) return;
// Next/Image accessibility warning (not a runtime failure for smoke coverage).
if (text.includes('Image is missing required "alt" property')) return;
// React controlled <select> warning (still renders fine; treat as non-fatal for route coverage).
if (text.includes('Use the `defaultValue` or `value` props on <select> instead of setting `selected` on <option>.')) return;
consoleErrors.push(`[${type}] ${text}`);
});
return { consoleErrors, pageErrors };
}
Reference in New Issue View Git Blame Copy Permalink